Identity services increase efficiency and security for major retailer
Snapshot
As a large fashion retailer based in Seattle, our client used dozens of apps – open-source, commercial, and internal – that were accessed by employees in the office and remotely. Many applications required independent identity stores.
As a result, dozens of disparate identity stores existed which needed to be provisioned for access, patched, and audited.
- Employees had to use unique credentials for each app.
- Each new corporate acquisition brought with it its own set of apps.
- Employees regularly forgot their usernames and passwords, requiring the help desk to renew their access.
- Every time an employee’s status changed, IT had to update their credentials for each app.
- Any time a new application was deployed, the security team had to devote a third of the development time writing a script to store user passwords, roles, reset abilities, and related functionality.
These processes were inelegant and inefficient, generating hours of busywork and creating significant security risks for the client. Time spent updating and resetting passwords distracted team members from higher-level tasks. Our client needed a solution that eliminated roadblocks and drove efficiencies across the enterprise.
Challenge
The client chose Kalles Group to assist the DevOps Engineering team in building a highly secure and scalable Single Sign-On (SSO) experience. In order to avoid any interruption to employees’ workflow, Kalles Group and the client worked together using an agile methodology to deliver an MVP release.
The MVP enabled all employees, vendors, and contractors to access all internal and commercially deployed applications, whether from within the office or remotely via VPN.
All users logged in using a single identity in the morning, granting them access to all necessary apps. If an employee was terminated, the employee’s single account could be disabled, instantly securing all applications. The SSO was made available to PC, Linux, Macintosh, and mobile users.
Kalles Group then designed a flexible solution that grew and scaled seamlessly from the MVP. Moving forward, the client’s DevOps team could accommodate new feature requests as they arose, architect and integrate them into the platform, and easily adjust the platform to meet changing business requirements.
Approach
For the platform, Kalles Group developed a hybrid solution, using a cloud-based identity provider and private cloud-based connectors to the Active Directory. By leveraging open-source software wherever possible, Kalles Group eliminated many licensing costs for the client.
Within the first 90 days following launch, over a dozen internal and open-source applications were integrated into the new SSO platform, which now supported:
- One set of credentials for either internal or remote access, enabling ease of use for employees, vendors, and partners
- User-specific, individualized functionality on an app-by-app basis, such as multi-factor, one-time, and social logins
- Self-service password reset, reducing help desk requests
- Quick integration capability for internal applications, streamlining development time
- Full UI branding, allowing teams to personalize apps to their needs
Additionally, the Kalles Group team provided solution documentation and delivered a full knowledge transfer, empowering the client with the capacity to operate, enhance, and optimize the platform. The Kalles Group team worked alongside client developers and hosted weekly lunch-and-learn trainings on requested topics.
Results
The client now enjoys a highly-available, auto-scaling, and secure SSO platform that all of their employees, partners, and vendors can access, whether they’re on or off VPN, or working remotely or on-premises.
Now that the SSO enables faster applications onboarding, minimizes security leaks, and streamlines productivity across teams, the client is freed up to focus on the future, adding new technology that will expand the capabilities of the business.